This week, we see companies offering free reports and webinars to help automakers deal with cybersecurity. GuardKnox is offering a free report, iHS Markit is offering a free Synopsis Cybersecurity Webinar hosted by Colin Byrd with a free report and Upstream shows automotive vulnerabilities:
Free Automotive Cybersecurity Report
GuardKnox is offering a free report, “The Accelerating Cyber-Security Threat Landscape in the Automotive Industry.”
Ransomware continues to be a major and growing global scourge. The number of ransomware attacks on businesses tripled in 2017, achieving the notoriety of an attack every minute. According to a leading cyber security survey, 54% of organizations were attacked last year and a further 31% expect to be victimized in the future.
Ransomware can attack anywhere along the automotive supply chain from manufacturers to suppliers, from maintenance providers to aftermarket equipment manufacturers and, of course, the car itself. The recent and highly destructive WannaCry ransomware successfully penetrated a Honda manufacturing plant in Japan causing an expensive shutdown. Nissan and Renault reported production stoppages in Japan, Britain, France, Romania and India.
Mitchell International, a large aftermarket car-parts replacement resource for collision-damaged vehicles, had to take its customers off-line for 48 hours after WannaCry struck their systems.
With a wealth of knowledge about endpoints and a healthy financial incentive to invade them, hackers concoct all sorts of schemes to separate people and organizations from their data. They use the latest encryption methodologies to prevent access to critical or vulnerable data by their owners and processors.
“Because of its self-contained nature and limited digital communication with the outside, the traditional car has a very small attack surface. However, as the car becomes more connected, its attack surface expands. Each and every ECU that receives commands from external sources is now an attack vector. The internal buses in the car can be exploited to transport malware from ECU to ECU to infect wider functions.” states the report.
Surpassing 25GB per hour, the data that the connected vehicle transmits emulates all the components of a typical endpoint communicating over an IT network. The entry system’s door-lock combination, where you are and where you go, your mobile purchases (your smartphone is part of the ecosystem, too), your credit card numbers, and much more are all stored and accessible via the car. These data nuggets are magnets to the ransomware hacker.
While personal data is certainly a prize worth hacking for, the connected vehicle has something that a computer endpoint could never dream of – significant intrinsic value. No hacker demands your $400 laptop as ransom. However, your car is worth tens of thousands of dollars. Your truck, much more. The cargo that you are hauling could be worth millions.
Just as the ransomware hacker encrypts data on the laptop and demands money before he will decrypt and release it back to you, he can do the same with your vehicle. But never mind the data. Vehicle ransomware cyber attacks can stop your vehicle from functioning altogether or, worse, can render vital functions of your car non-operational while you are on the highway.
Pay up or lose your car or cargo. Pay up or your car sits there like a rock at the side of the road. Pay up or your brakes don’t function.
At each level of the connected-vehicle ecosystem, the appropriate cyber security solution must be applied. Where the ecosystem resembles typical open IT networks, the solutions that are commonly applied there should be adopted by the automobile industry. These include SOCs, Incident Response teams and more.
iHS Markit Free Webinar with Colin Byrd
The threat of cyber-attacks against automotive platforms is real today and growing rapidly. As cars become more connected, their attack surfaces increase along with the volume and value of their data, attracting legions of hackers. The threat to moving vehicles goes way beyond the data—it also involves loss of life, injury and property damage.
Date: Wednesday, April 18, 2018
Time: 8 am San Francisco / 11 am New York / 4 pm London
Duration: 45 min + Q&A
Automakers are offering greater connectivity features in new vehicles to improve safety and the driving experience and to open up new monetization and business opportunities. That increase in connectivity creates a large potential attack surface that may be lucrative for hackers. Most major automakers have already been hacked, mostly by benevolent researchers known as “white hat” hackers. Software and hardware security failures have the potential to cause a broader range of problems and be more costly to fix and more damaging to the automaker’s brand than mechanical failures, especially as we move to software-driven vehicles.
OEMs, Tier 1, and Tier 2 suppliers must adopt new techniques and technologies to build security into automotive software and systems.
In this webinar, IHS Markit and Synopsys will explain the growing automotive security market. A range of techniques for building in security at the most fundamental levels will be explored, from establishing a security risk management process in parallel with safety, to getting an organization to look at software and system development from an attacker’s perspective including identifying, classifying, and categorizing risk factors, to selecting security IP that enables more cost-efficient silicon design and the highest levels of securiy for automotive applications.
- The underlying forces compelling the market to move towards secure automotive software and hardware
- How OEMs are responding to the growing threat of security vulnerabilities
- How suppliers are responding to new compliance requirements and OEM security interest
- What the chief security solutions are and how do they create “security in depth”
- Answers to audience questions during live Q&A
UpStream Down on As-Is Automotive Security Environments
UpStream reported that IT cybersecurity technologies can’t be implemented as-is in automotive environments. Wouldn’t it be great if connected-vehicle manufacturers, Tier 1 suppliers, fleet managers and other concerned souls could simply adopt many of the technologies, along with best practices, that comprise the legion of cyber defenses that defend IT endpoints, servers, networks and information?
It’s not so simple. Although there are many similarities, there are also differences and gaps which militate against the application of these technologies to protect the connected fleet.
Vehicles pose distinct challenges when it comes to cybersecurity:
- Proprietary telematics protocols
- Addition of software and hardware to vehicles is not trivial
- Risks associated with frequent remote software updates
- Protection from fraud and fleet business-policy violations
Upstream’s approach involves a non-intrusive, cloud-based security offering that stays current with advancements of cybersecurity technologies without having to penetrate the vehicles themselves. It ‘understands’ and inspects the application layer of propriety telematics protocols and examines the transmissions between vehicles and backend servers and other sources. It provides alerts for undesired or suspicious communications. Upstream protections and policies are always and automatically kept up to date utilizing Upstream’s unique automotive cybersecurity threat intelligence technology, eliminating the need to update vehicles remotely. In addition, Upstream leverages its analytic capabilities to detect fraud and violation of fleet policies in vehicles offered by rental, leasing, commercial fleets and ride-sharing services.
You are welcome to subscribe to receive email notification of publication of Connected Car News Cybersecurity, you can also get weekly news summaries or daily emails.